RPort
  • RPort Knowledge Base
  • 👀WHAT IS RPORT
    • Features and benefits of RPort
      • Full feature list
    • Screenshots
    • Release Notes
      • 1.1.2
      • 1.1.0
      • 1.0.5
      • 1.0.4
      • 1.0.3
      • 1.0.2
      • 1.0.1
  • 🚀GETTING STARTED
  • Install the RPort Server
    • Launch RPort in the cloud
    • Install on-premises
    • Install on Vultr
    • Install on Azure
    • Install on AWS EC2
    • Install on Digital Ocean
    • Install on Scaleway
    • Install on Google Compute
    • Install on Hetzner Cloud
    • Install RPort on any virgin cloud VM
    • Change the FQDN of the RPort server
    • Enable two factor authentication
      • Use push on mobile for 2FA
      • Use TOTP
  • Connecting Clients
  • Using the remote access
    • Creating tunnels
      • VNC via browser
      • VNC via VNC® Viewer from RealVNC®
      • RDP via Browser
    • Open SSH from the browser
    • Scp,sftp through a tunnel
  • Renaming and tagging of clients
  • Organize clients with groups
  • Activate the vault
  • Manage users and permissions
  • Video Courses
    • Installation Preparation
    • Install on Prem
    • Install on Cloud
    • Client installation
    • Remote Access
    • Network communication
  • 🗣️ NEED HELP?
    • Troubleshoot common problems
      • RPort Server not starting
      • Restart rport through a tunnel
      • Attributes file path not set
      • Recover lost passwords
      • Client is not connecting
      • Id is already in use
  • 🔦DIGGING DEEPER
    • Using the API
      • Create client credentials
    • RPort Technology Explained
      • RPort Security Model
    • Commands and Scripts
      • Executing commands
      • Executing scripts
      • Tacoscript
    • The scheduler
    • File copy and reception
    • Client Configuration Options
      • Supervision of OS updates
      • Script and command execution
    • Advanced client management
      • Install the RPort client manually
      • Uninstall the RPort client
    • Server Maintenance
      • Monitoring of RPortd
      • Updating RPort
      • Backing up the rport server
      • Renewing certificates
    • FAQ
      • How to use Cloudflare
    • High Availability
    • Install on macOS
Powered by GitBook
On this page
  • Create your DNS record
  • Generate new SSL certificates
  • Change the rportd configuration

Was this helpful?

Export as PDF
  1. Install the RPort Server

Change the FQDN of the RPort server

Learn how to use your own name instead of the random *.user.rport.io hostname

PreviousInstall RPort on any virgin cloud VMNextEnable two factor authentication

Last updated 12 months ago

Was this helpful?

Create your DNS record

If you want to change the FQDN of a RPort server installed via the the first step is to create a DNS A Record that points to the IP address of your virtual machine.

🧨 Do not use a CNAME record pointing to the *.users.rport.io FQDN. Always use an A-record.

The free DNS service of RPort will delete unused hostnames automatically, and your CNAME-record would become orphaned.

We will use rport-server.example.com as an example for the new hostname of your RPort server.

Login to the console of your rport-server using SSH and verify the new DNS record has been set up properly. Execute the following two commands. Both must print the same IP address – the IP address of your RPort server.

# Query the DNS
$ dig +short rport-server.example.com
51.15.51.42

# Fetch your external IP address
$ wget -qO - 'https://api.ipify.org?format=text'
51.15.51.42

Generate new SSL certificates

If you already have certificates for the new FQDN, you can skip this step.

Stop the RPort server first. To generate new free certificates via Let's Encrypt, execute the following commands.

systemctl stop rportd
FQDN=rport-server.example.com
# Generate
certbot certonly -d $FQDN -n \
  --agree-tos --standalone \
  --register-unsafely-without-email
# Change group ownerships so rport can read the files
chgrp rport /etc/letsencrypt/archive/
chmod g+rx /etc/letsencrypt/archive/
chgrp rport /etc/letsencrypt/live/
chmod g+rx /etc/letsencrypt/live/
chgrp rport /etc/letsencrypt/archive/$FQDN/
chmod g+rx /etc/letsencrypt/archive/$FQDN/
chgrp rport /etc/letsencrypt/archive/$FQDN/privkey1.pem
chmod g+rx /etc/letsencrypt/archive/$FQDN/privkey1.pem
chgrp rport /etc/letsencrypt/live/$FQDN/
ls -l /etc/letsencrypt/live/$FQDN/

Change the rportd configuration

Change the ssl key and cert

With the new certificates generated, or with your own certificates, open the configuration file /etc/rport/rportd.conf with an editor. Scroll down to the lines where certificates are configured. Certificates are registered twice. In the [server] and [api] section. Change it as shown.

Before (with random *users.rport.io FQDN)

# in the [server] section
tunnel_proxy_cert_file = "/etc/letsencrypt/live/14apzztqs96l.users.rport.io/fullchain.pem"
tunnel_proxy_key_file = "/etc/letsencrypt/live/14apzztqs96l.users.rport.io/privkey.pem" 
# in the [api] section
cert_file = "/etc/letsencrypt/live/14apzztqs96l.users.rport.io/fullchain.pem"
key_file = "/etc/letsencrypt/live/14apzztqs96l.users.rport.io/privkey.pem"

After (example with your FQDN)

# in the [server] section
tunnel_proxy_cert_file = "/etc/letsencrypt/live/rport-server.example.com/fullchain.pem"
tunnel_proxy_key_file = "/etc/letsencrypt/live/rport-server.example.com/privkey.pem" 
# in the [api] section
cert_file = "/etc/letsencrypt/live/rport-server.example.com/fullchain.pem"
key_file = "/etc/letsencrypt/live/rport-server.example.com/privkey.pem"

Change the client connect url

The rportd.conf file contains a setting url =, that indicates clients who is their server. You must change this setting to the new hostname. If the client url contains a hostname, you must change it. If it contains an IP address, no changes are needed.

Before (with random *users.rport.io FQDN)

url = "http://dtdu7j7pvaxv.users.rport.io:80"

After (example with your FQDN)

url = "rport-server.example.com"

If you client url consist of a hostname you must change this hostname on all clients too in the rport.conf client configuration file.

Change the tunnel host

Change the server URL for sending two-factor tokens via email

If your RPort server is using the default script to send two-factor tokens via email, you must enter the new URL of your server in /usr/local/bin/2fa-sender.sh too.

Open the script with an editor and enter the URL of your RPort server.

Before:

-F url=https://*.users.rport.io 2>&1)

After (example with your FQDN):

-F url=https://rport-server.example.com 2>&1)

Wildcards are not supported for custom domain names.

Chang the Totp name

Start RPortd

Finally, start the rport server again with systemctl start rportd. Type in the new https://<NEW_FQDN> into your browser and check. 🎉

Don't be frightened if clienst appear disconnected. Because the rport server has beend stopped for a while it takes some time to reconnect. But trust, they will all reconnect.

Remove unneeded certificates

After rportd is running again and uses the new certificates for the new FQDN, the old certificated should be removed. Otherwise, certbot would try to renew them too, at worst running into DNS resolution errors since the old FQDN doesn't exist any more. A proper clean-up can be achieved by running certbot delete and selecting the old cert via the corresponding number key.

If your rport server runs behind a reverse proxy, can be your own or a service like CloudFlare, pay attention to the . Usually, you must specify an alternative hostname that points directly to your rport server, bypassing all reverse proxies.

Also consider changing the . When using TOTP as the second login factor, this field is filled. If you chose the FQDN of the server as the value for this field, this value should be changed in line with the new FQDN.

cloud-installer
tunnel_host setting
totp_account_name
Change the path to the new certificates.